Protecting Digital Identity Wallet: A Threat Model in the Age of eIDAS 2.0

Amir Sharif; Zahra Ebadi Ansaroudi; Giada Sciarretta; Majid Mollaeefar; Silvio Ranise

In press

Abstract

The revised eIDAS regulation (eIDAS 2.0) advocates a shift from federated identity management systems (such as SAML and OpenID Connect) to user-centric identity-based systems. It defines the European Digital Identity Wallet as a key component. The main goal is to enhance privacy by empowering citizens to selectively disclose personal data in a controlled way. To facilitate the implementation of an interoperable Wallet solution, the EU Commission published a reference architecture and identified a high-level set of requirements. However, comprehensive security and privacy guidelines to ensure a secure and privacy-preserving solution are still missing. To address this gap, we provide threat modeling explicitly designed for the Digital Identity Wallet context. This allows for identifying potential threats and a set of effective controls to secure the implementations.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11582/353547